Yes it is if he uses all his resources on hacking. Some of them hack into banks and military site. Yes, as long as you are connected to the internet, you risk being hacked. Don't put anything on the internet that has a positive probability of being hacked. In reality that means don't but very sensitive information on the internet. Online forms have had a reputation of being insecure.

This tutorial has emphasis on processing PHP forms with security in mind! There are too many tutorials out there that rely on PHP's notorious register_globals setting activated with very little or no form input validating. Proper validation of form input data is the most important step in protecting your form from hackers and spammers!